VLAN Management

mansoor_nawaz78
Level 1

Hello,

I have almost 50 Cisco switches. They are accessible through their public IPs. Some ports of the switches are used for the local IPs, but some ports of the switches are used for the public IP clients. Local IP clients are working through a VLAN, but public IP clients are not working in any VLAN; they are working under VLAN 1, and all switches are also managed through VLAN 1.

* Is this a good method, or should I configure a different VLAN for the public IP clients?

Thank You

2 Replies

jackyoung
Level 6

What I suggest is to use separate VLANs for public, private and management traffic. It can prevent attacks from the public side reaching your equipment and limits the broadcast domain. However, VLAN routing and ACLs are required for the security issue.

rolf.fischer_2
Level 1

The special thing about VLAN 1 is that it's the native VLAN (as long as you don't change that by configuring a different one as native).

The switches exchange a lot of management data on the native VLAN, e.g. VTP, STP, CDP etc.

Another thing is that the native VLAN is transmitted untagged on trunks, which can be a security risk. And ports that are not assigned to a VLAN operate in VLAN 1 by default.

That's why some people don't use VLAN1 at all.

A good link regarding switch security: www.nsa.gov/snac/os/switch-guide-version1_01.pdf
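One way to apply both replies' advice on a single Cisco IOS access switch, as an added example that is not part of the thread: separate VLANs for private, public and management traffic, VLAN 1 left unused, the trunk's native VLAN moved off VLAN 1, and an ACL restricting CLI access to the management subnet. The VLAN numbers, names, interface names and the 10.99.0.0/24 management subnet are assumptions.

```cisco
! Added example, not from the thread. VLAN IDs, names, interfaces and
! addresses are assumed values; adjust to your own addressing plan.
vlan 10
 name PRIVATE-CLIENTS
vlan 20
 name PUBLIC-CLIENTS
vlan 99
 name MGMT
vlan 999
 name NATIVE-UNUSED
!
! Manage the switch from VLAN 99 instead of VLAN 1; leave the VLAN 1 SVI down.
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 ip address 10.99.0.11 255.255.255.0
!
! Public-IP clients get their own access VLAN rather than defaulting to VLAN 1.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Private clients on a separate access VLAN.
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplink trunk: native VLAN is an unused VLAN, so no client or management
! traffic travels untagged; only the three VLANs in use are carried, and
! DTP negotiation is disabled. (The encapsulation line is only accepted on
! platforms that also support ISL; omit it on dot1q-only switches.)
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
!
! Only hosts on the management subnet may open a CLI session, over SSH only.
ip access-list standard MGMT-ONLY
 permit 10.99.0.0 0.0.0.255
 deny any log
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
```

Traffic between VLAN 10, 20 and 99 still has to be routed (on a core switch or router) and filtered with ACLs there, as jackyoung notes; the access-switch configuration above only does the separation.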